src/auth/passdb.c

	passdb.c revision d5abbb932a0a598f002da39a8b3326643b1b5efc
76b43e4417bab52e913da39b5f5bc2a130d3f149Timo Sirainen/* Copyright (c) 2002-2008 Dovecot authors, see the included COPYING file */
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen#include "common.h"
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainen#include "array.h"
ff487c974815bdaa2d05a3b834f4c2c841f4cc34Timo Sirainen#include "password-scheme.h"
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen#include "auth-worker-server.h"
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen#include "passdb.h"
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen#include <stdlib.h>
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainenstatic ARRAY_DEFINE(passdb_interfaces, struct passdb_module_interface *);
b321df9603081896b70ec44635af96d674a9839aTimo Sirainen
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainenstatic struct passdb_module_interface *passdb_interface_find(const char *name)
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainen{
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainen    struct passdb_module_interface *const *ifaces;
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainen    unsigned int i, count;
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainen
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainen    ifaces = array_get(&passdb_interfaces, &count);
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainen    for (i = 0; i < count; i++) {
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainen        if (strcmp(ifaces[i]->name, name) == 0)
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainen            return ifaces[i];
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainen    }
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainen    return NULL;
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainen}
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainen
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainenvoid passdb_register_module(struct passdb_module_interface *iface)
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainen{
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainen    if (passdb_interface_find(iface->name) != NULL) {
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainen        i_panic("passdb_register_module(%s): Already registered",
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainen            iface->name);
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainen    }
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainen    array_append(&passdb_interfaces, &iface, 1);
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainen}
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainen
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainenvoid passdb_unregister_module(struct passdb_module_interface *iface)
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainen{
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainen    struct passdb_module_interface *const *ifaces;
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainen    unsigned int i, count;
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainen
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainen    ifaces = array_get(&passdb_interfaces, &count);
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainen    for (i = 0; i < count; i++) {
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainen        if (ifaces[i] == iface) {
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainen            array_delete(&passdb_interfaces, i, 1);
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainen            return;
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainen        }
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainen    }
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainen    i_panic("passdb_unregister_module(%s): Not registered", iface->name);
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainen}
1f1e81aab38d833d1c9cdc244c91fd762e0080d4Timo Sirainen
b44650b0f48a4b5f0dc240ed836833a00b643b9fTimo Sirainenbool passdb_get_credentials(struct auth_request *auth_request,
b44650b0f48a4b5f0dc240ed836833a00b643b9fTimo Sirainen                const char *input, const char *input_scheme,
b44650b0f48a4b5f0dc240ed836833a00b643b9fTimo Sirainen                const unsigned char **credentials_r, size_t *size_r)
473080c7c0d25ddfdf77e7dfa0ba8f73c6c669d5Timo Sirainen{
a8e132559a7ebe54c8269d79ce29fa3338c76199Timo Sirainen    const char *wanted_scheme = auth_request->credentials_scheme;
b44650b0f48a4b5f0dc240ed836833a00b643b9fTimo Sirainen    const char *plaintext;
b44650b0f48a4b5f0dc240ed836833a00b643b9fTimo Sirainen    int ret;
473080c7c0d25ddfdf77e7dfa0ba8f73c6c669d5Timo Sirainen
b44650b0f48a4b5f0dc240ed836833a00b643b9fTimo Sirainen    ret = password_decode(input, input_scheme, credentials_r, size_r);
b44650b0f48a4b5f0dc240ed836833a00b643b9fTimo Sirainen    if (ret <= 0) {
b44650b0f48a4b5f0dc240ed836833a00b643b9fTimo Sirainen        if (ret < 0) {
b44650b0f48a4b5f0dc240ed836833a00b643b9fTimo Sirainen            auth_request_log_error(auth_request, "password",
b44650b0f48a4b5f0dc240ed836833a00b643b9fTimo Sirainen                "Invalid password format for scheme %s",
b44650b0f48a4b5f0dc240ed836833a00b643b9fTimo Sirainen                input_scheme);
b44650b0f48a4b5f0dc240ed836833a00b643b9fTimo Sirainen        } else {
b44650b0f48a4b5f0dc240ed836833a00b643b9fTimo Sirainen            auth_request_log_error(auth_request, "password",
b44650b0f48a4b5f0dc240ed836833a00b643b9fTimo Sirainen                "Unknown scheme %s", input_scheme);
b44650b0f48a4b5f0dc240ed836833a00b643b9fTimo Sirainen        }
b44650b0f48a4b5f0dc240ed836833a00b643b9fTimo Sirainen        return FALSE;
b44650b0f48a4b5f0dc240ed836833a00b643b9fTimo Sirainen    }
b44650b0f48a4b5f0dc240ed836833a00b643b9fTimo Sirainen
b4f2560c29dacd066ba89e782d95ceed7ac473a3Timo Sirainen    if (*wanted_scheme == '\0') {
b4f2560c29dacd066ba89e782d95ceed7ac473a3Timo Sirainen        /* anything goes. change the credentials_scheme to what we
b4f2560c29dacd066ba89e782d95ceed7ac473a3Timo Sirainen           actually got, so blocking passdbs work. */
b4f2560c29dacd066ba89e782d95ceed7ac473a3Timo Sirainen        auth_request->credentials_scheme =
b4f2560c29dacd066ba89e782d95ceed7ac473a3Timo Sirainen            p_strdup(auth_request->pool, input_scheme);
b4f2560c29dacd066ba89e782d95ceed7ac473a3Timo Sirainen        return TRUE;
b4f2560c29dacd066ba89e782d95ceed7ac473a3Timo Sirainen    }
b4f2560c29dacd066ba89e782d95ceed7ac473a3Timo Sirainen
b44650b0f48a4b5f0dc240ed836833a00b643b9fTimo Sirainen    if (!password_scheme_is_alias(input_scheme, wanted_scheme)) {
b44650b0f48a4b5f0dc240ed836833a00b643b9fTimo Sirainen        if (!password_scheme_is_alias(input_scheme, "PLAIN")) {
ac713658d206e8d001fef7c0e36945793f2eb942Timo Sirainen            const char *error = t_strdup_printf(
49e513d090753ccbf95560b2f3a21f081a5b6c51Timo Sirainen                "Requested %s scheme, but we have only %s",
b44650b0f48a4b5f0dc240ed836833a00b643b9fTimo Sirainen                wanted_scheme, input_scheme);
ac713658d206e8d001fef7c0e36945793f2eb942Timo Sirainen            if (auth_request->auth->verbose_debug_passwords) {
ac713658d206e8d001fef7c0e36945793f2eb942Timo Sirainen                error = t_strdup_printf("%s (input: %s)",
ac713658d206e8d001fef7c0e36945793f2eb942Timo Sirainen                            error, input);
ac713658d206e8d001fef7c0e36945793f2eb942Timo Sirainen            }
ac713658d206e8d001fef7c0e36945793f2eb942Timo Sirainen            auth_request_log_info(auth_request, "password",
ac713658d206e8d001fef7c0e36945793f2eb942Timo Sirainen                          "%s", error);
b44650b0f48a4b5f0dc240ed836833a00b643b9fTimo Sirainen            return FALSE;
473080c7c0d25ddfdf77e7dfa0ba8f73c6c669d5Timo Sirainen        }
517d1e7142d57299c733b30423e35e7e1f8d01d6Timo Sirainen
517d1e7142d57299c733b30423e35e7e1f8d01d6Timo Sirainen        /* we can generate anything out of plaintext passwords */
b44650b0f48a4b5f0dc240ed836833a00b643b9fTimo Sirainen        plaintext = t_strndup(*credentials_r, *size_r);
790f339ebfe4924531b37e44cab68ca999c70501Timo Sirainen        if (!password_generate(plaintext,
790f339ebfe4924531b37e44cab68ca999c70501Timo Sirainen                       auth_request->original_username,
b44650b0f48a4b5f0dc240ed836833a00b643b9fTimo Sirainen                       wanted_scheme, credentials_r, size_r)) {
b44650b0f48a4b5f0dc240ed836833a00b643b9fTimo Sirainen            auth_request_log_error(auth_request, "password",
b44650b0f48a4b5f0dc240ed836833a00b643b9fTimo Sirainen                "Requested unknown scheme %s", wanted_scheme);
b44650b0f48a4b5f0dc240ed836833a00b643b9fTimo Sirainen            return FALSE;
b44650b0f48a4b5f0dc240ed836833a00b643b9fTimo Sirainen        }
473080c7c0d25ddfdf77e7dfa0ba8f73c6c669d5Timo Sirainen    }
473080c7c0d25ddfdf77e7dfa0ba8f73c6c669d5Timo Sirainen
b44650b0f48a4b5f0dc240ed836833a00b643b9fTimo Sirainen    return TRUE;
a3dd97fb6d92a89c3de0597fed2d4b044c7aeb84Timo Sirainen}
a3dd97fb6d92a89c3de0597fed2d4b044c7aeb84Timo Sirainen
f968e62caa52a8924bd05ebf76ff515b5c18e17bTimo Sirainenvoid passdb_handle_credentials(enum passdb_result result,
a3dd97fb6d92a89c3de0597fed2d4b044c7aeb84Timo Sirainen                   const char *password, const char *scheme,
a3dd97fb6d92a89c3de0597fed2d4b044c7aeb84Timo Sirainen                   lookup_credentials_callback_t *callback,
a3dd97fb6d92a89c3de0597fed2d4b044c7aeb84Timo Sirainen                               struct auth_request *auth_request)
a3dd97fb6d92a89c3de0597fed2d4b044c7aeb84Timo Sirainen{
b44650b0f48a4b5f0dc240ed836833a00b643b9fTimo Sirainen    const unsigned char *credentials;
b44650b0f48a4b5f0dc240ed836833a00b643b9fTimo Sirainen    size_t size = 0;
b44650b0f48a4b5f0dc240ed836833a00b643b9fTimo Sirainen
f968e62caa52a8924bd05ebf76ff515b5c18e17bTimo Sirainen    if (result != PASSDB_RESULT_OK) {
b44650b0f48a4b5f0dc240ed836833a00b643b9fTimo Sirainen        callback(result, NULL, 0, auth_request);
f968e62caa52a8924bd05ebf76ff515b5c18e17bTimo Sirainen        return;
f968e62caa52a8924bd05ebf76ff515b5c18e17bTimo Sirainen    }
a3dd97fb6d92a89c3de0597fed2d4b044c7aeb84Timo Sirainen
b44650b0f48a4b5f0dc240ed836833a00b643b9fTimo Sirainen    if (password == NULL ||
b44650b0f48a4b5f0dc240ed836833a00b643b9fTimo Sirainen        !passdb_get_credentials(auth_request, password, scheme,
b44650b0f48a4b5f0dc240ed836833a00b643b9fTimo Sirainen                    &credentials, &size))
a3dd97fb6d92a89c3de0597fed2d4b044c7aeb84Timo Sirainen        result = PASSDB_RESULT_SCHEME_NOT_AVAILABLE;
b44650b0f48a4b5f0dc240ed836833a00b643b9fTimo Sirainen
b44650b0f48a4b5f0dc240ed836833a00b643b9fTimo Sirainen    callback(result, credentials, size, auth_request);
473080c7c0d25ddfdf77e7dfa0ba8f73c6c669d5Timo Sirainen}
473080c7c0d25ddfdf77e7dfa0ba8f73c6c669d5Timo Sirainen
157bce86d0a01477bb8ebd0d380e6b2297f326f7Timo Sirainenstruct auth_passdb *passdb_preinit(struct auth *auth, const char *driver,
8eb94c5190ba09bb6f6f068eec7bf96750f08d1dTimo Sirainen                   const char *args, unsigned int id)
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen{
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainen    struct passdb_module_interface *iface;
8eb94c5190ba09bb6f6f068eec7bf96750f08d1dTimo Sirainen        struct auth_passdb *auth_passdb;
965ed6ea3fc8f7637bd0d159d2fdb283a191ce34Timo Sirainen
91e4199476cb2add8143c18583fa57e1decfea88Timo Sirainen    if (args == NULL) args = "";
0727e38ac12efb8963a339daf56255e2be1f29fcTimo Sirainen
e9503210d3521a6833ed62dc332fc42ffb0e7a13Timo Sirainen    auth_passdb = p_new(auth->pool, struct auth_passdb, 1);
e9503210d3521a6833ed62dc332fc42ffb0e7a13Timo Sirainen    auth_passdb->auth = auth;
8eb94c5190ba09bb6f6f068eec7bf96750f08d1dTimo Sirainen        auth_passdb->args = p_strdup(auth->pool, args);
8eb94c5190ba09bb6f6f068eec7bf96750f08d1dTimo Sirainen        auth_passdb->id = id;
08aea01ef9a9d20703e0fcf8618e6195c0037a44Timo Sirainen
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainen    iface = passdb_interface_find(driver);
d5abbb932a0a598f002da39a8b3326643b1b5efcTimo Sirainen    if (iface == NULL)
d5abbb932a0a598f002da39a8b3326643b1b5efcTimo Sirainen        i_fatal("Unknown passdb driver '%s'", driver);
d5abbb932a0a598f002da39a8b3326643b1b5efcTimo Sirainen    if (iface->verify_plain == NULL) {
d5abbb932a0a598f002da39a8b3326643b1b5efcTimo Sirainen        i_fatal("Support not compiled in for passdb driver '%s'",
747e77e3ab073a8e9e69c7a3e71b4593c5655d03Timo Sirainen            driver);
747e77e3ab073a8e9e69c7a3e71b4593c5655d03Timo Sirainen    }
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen
b321df9603081896b70ec44635af96d674a9839aTimo Sirainen    if (iface->preinit == NULL) {
b321df9603081896b70ec44635af96d674a9839aTimo Sirainen        auth_passdb->passdb =
b321df9603081896b70ec44635af96d674a9839aTimo Sirainen            p_new(auth->pool, struct passdb_module, 1);
b321df9603081896b70ec44635af96d674a9839aTimo Sirainen    } else {
b321df9603081896b70ec44635af96d674a9839aTimo Sirainen        auth_passdb->passdb =
b321df9603081896b70ec44635af96d674a9839aTimo Sirainen            iface->preinit(auth_passdb, auth_passdb->args);
b321df9603081896b70ec44635af96d674a9839aTimo Sirainen    }
25ee72451d16374ed27fdbf829f4ec756c778352Timo Sirainen    auth_passdb->passdb->iface = *iface;
157bce86d0a01477bb8ebd0d380e6b2297f326f7Timo Sirainen    return auth_passdb;
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen}
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen
e9503210d3521a6833ed62dc332fc42ffb0e7a13Timo Sirainenvoid passdb_init(struct auth_passdb *passdb)
08aea01ef9a9d20703e0fcf8618e6195c0037a44Timo Sirainen{
25ee72451d16374ed27fdbf829f4ec756c778352Timo Sirainen    if (passdb->passdb->iface.init != NULL)
25ee72451d16374ed27fdbf829f4ec756c778352Timo Sirainen        passdb->passdb->iface.init(passdb->passdb, passdb->args);
e4d34f2fbee451219599d71505594df704093ce3Timo Sirainen
e9503210d3521a6833ed62dc332fc42ffb0e7a13Timo Sirainen    i_assert(passdb->passdb->default_pass_scheme != NULL ||
e9503210d3521a6833ed62dc332fc42ffb0e7a13Timo Sirainen         passdb->passdb->cache_key == NULL);
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen
e9503210d3521a6833ed62dc332fc42ffb0e7a13Timo Sirainen    if (passdb->passdb->blocking && !worker) {
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen        /* blocking passdb - we need an auth server */
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen        auth_worker_server_init();
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen    }
08aea01ef9a9d20703e0fcf8618e6195c0037a44Timo Sirainen}
08aea01ef9a9d20703e0fcf8618e6195c0037a44Timo Sirainen
e9503210d3521a6833ed62dc332fc42ffb0e7a13Timo Sirainenvoid passdb_deinit(struct auth_passdb *passdb)
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen{
25ee72451d16374ed27fdbf829f4ec756c778352Timo Sirainen    if (passdb->passdb->iface.deinit != NULL)
25ee72451d16374ed27fdbf829f4ec756c778352Timo Sirainen        passdb->passdb->iface.deinit(passdb->passdb);
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen}
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainen
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainenextern struct passdb_module_interface passdb_passwd;
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainenextern struct passdb_module_interface passdb_bsdauth;
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainenextern struct passdb_module_interface passdb_shadow;
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainenextern struct passdb_module_interface passdb_passwd_file;
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainenextern struct passdb_module_interface passdb_pam;
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainenextern struct passdb_module_interface passdb_checkpassword;
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainenextern struct passdb_module_interface passdb_vpopmail;
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainenextern struct passdb_module_interface passdb_ldap;
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainenextern struct passdb_module_interface passdb_sql;
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainenextern struct passdb_module_interface passdb_sia;
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainen
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainenvoid passdbs_init(void)
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainen{
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainen    i_array_init(&passdb_interfaces, 16);
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainen    passdb_register_module(&passdb_passwd);
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainen    passdb_register_module(&passdb_bsdauth);
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainen    passdb_register_module(&passdb_passwd_file);
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainen    passdb_register_module(&passdb_pam);
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainen    passdb_register_module(&passdb_checkpassword);
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainen    passdb_register_module(&passdb_shadow);
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainen    passdb_register_module(&passdb_vpopmail);
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainen    passdb_register_module(&passdb_ldap);
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainen    passdb_register_module(&passdb_sql);
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainen    passdb_register_module(&passdb_sia);
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainen}
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainen
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainenvoid passdbs_deinit(void)
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainen{
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainen    array_free(&passdb_interfaces);
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainen}